'''ntop''' is a network traffic probe that shows the network usage, similar to what the popular [[top]] [[Unix]] command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every [[Unix]] platform and on [[Windows | Win32]] as well.

'''ntop''' is a network traffic probe that shows the network usage, similar to what the popular [[top]] [[Unix]] command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every [[Unix]] platform and on [[Windows | Win32]] as well.

−

ntop users can use a a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status.

+

ntop users can use a a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status.[http://www.ntop.org/products/ntop/]

+

+

== What ntop can do for me? ==

+

* Sort network traffic according to many protocols

+

* Show network traffic sorted according to various criteria

+

* Display traffic statistics

+

* Store on disk persistent traffic statistics in RRD format

+

* Identify the indentity (e.g. email address) of computer users

+

* Passively (i.e. without sending probe packets) identify the host OS

+

* Show IP traffic distribution among the various protocols

+

* Analyse IP traffic and sort it according to the source/destination

+

* Display IP Traffic Subnet matrix (who’s talking to who?)

+

* Report IP protocol usage sorted by protocol type

+

* Act as a NetFlow/sFlowcollector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)

+

* Produce RMON-like network traffic statistics

+

+

+

== Platforms ==

+

* Unix (including Linux, *BSD, Solaris, and MacOSX)

+

* Win32 (Win95 and above including Vista

+

+

+

== Media ==

+

* Loopback

+

* Ethernet (including 802.11Q)

+

* Token Ring

+

* PPP/PPPoE

+

* Raw IP

+

* FDDI

+

* FibreChannel

+

* ...and many more

+

+

+

== Requirements ==

+

+

=== Memory Usage ===

+

* It depends on the ntop configuration, number of hosts, and number of active TCP sessions. In general it ranges from a few MB (little LAN) to 100 MB for a WAN.

+

+

=== CPU Usage ===

+

* It depends on the ntop configuration, and traffic conditions. On a modern PC and large LAN, it is less than 10% of overall CPU load.

+

+

== Protocols ==

+

* IPv4/IPv6

+

* IPX

+

* DecNet

+

* AppleTalk

+

* Netbios

+

* OSI

+

* DLC

+

* …and many more

+

+

== IP Protocols ==

+

* Fully User Configurable

+

+

== Additional Features ==

+

* VoIP support (SIP, Cisco SCCP and Asterisk IAX)

+

* NetFlow (including v5 and v9) and IPFIX support

+

* Network Flows

+

* Local Traffic Analysis

+

* Multithread and MP (MultiProcessor) support on both Unix and Win32

+

* Python lightweight API for extending ntop via scripts

+

* Support of both NetFlow andsFlowas flow collector. ntop can collect simultaneously from multiple probes.

Contents

Overview

ntop is a network traffic probe that shows the network usage, similar to what the popular topUnix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.

ntop users can use a a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status.[1]

What ntop can do for me?

Sort network traffic according to many protocols

Show network traffic sorted according to various criteria

Display traffic statistics

Store on disk persistent traffic statistics in RRD format

Identify the indentity (e.g. email address) of computer users

Passively (i.e. without sending probe packets) identify the host OS

Show IP traffic distribution among the various protocols

Analyse IP traffic and sort it according to the source/destination

Display IP Traffic Subnet matrix (who’s talking to who?)

Report IP protocol usage sorted by protocol type

Act as a NetFlow/sFlowcollector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)

Produce RMON-like network traffic statistics

Platforms

Unix (including Linux, *BSD, Solaris, and MacOSX)

Win32 (Win95 and above including Vista

Media

Loopback

Ethernet (including 802.11Q)

Token Ring

PPP/PPPoE

Raw IP

FDDI

FibreChannel

...and many more

Requirements

Memory Usage

It depends on the ntop configuration, number of hosts, and number of active TCP sessions. In general it ranges from a few MB (little LAN) to 100 MB for a WAN.

CPU Usage

It depends on the ntop configuration, and traffic conditions. On a modern PC and large LAN, it is less than 10% of overall CPU load.

Protocols

IPv4/IPv6

IPX

DecNet

AppleTalk

Netbios

OSI

DLC

…and many more

IP Protocols

Fully User Configurable

Additional Features

VoIP support (SIP, Cisco SCCP and Asterisk IAX)

NetFlow (including v5 and v9) and IPFIX support

Network Flows

Local Traffic Analysis

Multithread and MP (MultiProcessor) support on both Unix and Win32

Python lightweight API for extending ntop via scripts

Support of both NetFlow andsFlowas flow collector. ntop can collect simultaneously from multiple probes.

Traffic statistics are saved into RRDdatabases for long-run traffic analysis.